This is a guest post by Natalia David.
The entire tech world is familiar with the Yahoo Voice debacle, which resulted in the exposure of over 400,000 users’ email addresses and passwords. As reported by Reuters and many tech news sites, the group of hackers claiming responsibility for this attack goes by the name of the D33Ds (deeds) company and remarked on their site that they hope the security management will consider this a favor, a ‘good deed’ so to speak, rather than a threat, one that will help them fill in the cracks in their security system. Furthermore, Yahoo is not the only web goliath that fell prey to hacking in the last few months. Last week, Nvidia, a U.S. semiconductor manufacturer, reported that around 400,000 users of its forum had their encrypted passwords stolen, while over 6.5 million LinkedIn users had their passwords compromised as a result of a breach in June this year.
Is there a way to be secure?
The bigger tech picture on the whole seems gloomy because of the ever-increasing network breaches at companies all around the world and the widespread existence of computer spy software and other malicious applications. However, there are a number of security measures that such organizations can adopt in order to safeguard their users’ sensitive information. Mark Knight, director of product management at Thales e-Security, a data protection solutions provider, explains recommended practices for the protection of passwords in great detail. He explains that the safety techniques are available today. If we take into account the types of environments being attacked successfully, we come across social media sites for the most part, while other commonly used services, like online banking, have been noted to be a lot more secure in the same time period. Incidents of major banking security breaches are not common, implying that the expertise and technology for such security measures do exist. The problem lies in the fact that such measures are generally deployed by industries like financial services, and the change that needs to be brought about is the application of these techniques to other areas like social media and basically every site that hosts online services.
Why aren’t these techniques employed?
The reason for the limited use of such techniques by a variety of organizations in the government, private, social media and retail sectors is twofold. Firstly, the economic necessity for these companies has been to gain subscriber numbers in order to figure out a way of monetizing the customer base. Secondly, most of these organizations were initially start-ups and have now grown beyond what they anticipated at the start, when security was not exactly at the top of their lists while engineering their solutions. Eventually, it boils down to a change in approach: these companies need to realize that their reputation is at stake due to security concerns, and that ignorance of or indifference to this fact can be followed by legislative measures imposing regulations on them if such breaches are not done away with.
While users should shoulder some responsibility in terms of securing their passwords, Knight argues for the contrary. He asserts that users are not always in a position to say how their information will be protected. When average consumers use an online service, they have neither the information nor the expertise to determine the level of information security, which leaves them relying on faith in the brand, which in turn puts brand reputation at the fulcrum.
About the author: Natalia David writes about and significantly contributes towards computer and internet monitoring software, mobile phone spy software and spy software for BlackBerry. If you want to know more about Natalia, you can follow her on Twitter @NataliaDavid4.